/*
 * Copyright 2012 Alain Pannetrat (L1L1@gmx.com)
 * 
 * This file is part of cookie-miner.
 * 
 * cookie-miner is free software: you can redistribute it and/or modify 
 * it under the terms of the GNU General Public License as published by 
 * the Free Software Foundation, either version 3 of the License, or 
 * (at your option) any later version.
 * 
 * cookie-miner is distributed in the hope that it will be useful, but 
 * WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU 
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License 
 * along with cookie-miner. If not, see http://www.gnu.org/licenses/.
 *
 * @version: $Id$
 *
 */
#include "bufio_ssl.h" 
#include "log_facility.h"
#include "ssl_tools.h"
#include <openssl/err.h>
#include <openssl/x509.h>
#ifdef _WIN32
#include <openssl/applink.c>
#endif

BufferInOutSSL::BufferInOutSSL(int filedes): BufferInOutSocket(filedes),  _ssl_ctx(NULL), _ssl(NULL)
{
	/* empty */
}

const char *cert_name(X509 *cert)
{
	static char c_name[128];

	if (cert==NULL)
		strcpy(c_name,"(YASP!!! NULL CERTIFICATE)");
	else
        	X509_NAME_oneline(X509_get_subject_name(cert), c_name, 128);

	return c_name;
}

BufferInOutSSL* BufferInOutSSL::create(
		int filedes, 
		bool is_server,
		EVP_PKEY *privkey,
		unsigned certlen,
		X509** certchain) 
{
	DH* dhkey;
	int rcode;
	BufferInOutSSL *ret = new BufferInOutSSL(filedes);

	if ((ret->_ssl_ctx = SSL_CTX_new(SSLv23_method()))==NULL)
	{
		logger.message(logger.LOG_ERROR,"Error creating SSL CTX");
		logger.message(logger.LOG_DEBUG,"openssl error - %s\n",ERR_error_string(ERR_get_error(),NULL));
		goto error_cleanup;
	}

	if (certlen && certchain)
	{
		unsigned i;

		if (SSL_CTX_use_certificate(ret->_ssl_ctx,certchain[0])!=1)
		{
			logger.message(logger.LOG_ERROR,"Error loading certificate in SSL CTX");
			logger.message(logger.LOG_DEBUG,"openssl error - %s\n",ERR_error_string(ERR_get_error(),NULL));
			goto error_cleanup;			
		}
		logger.message(logger.LOG_DEBUG,"Added main certificate to SSL CTX: %s", cert_name(certchain[0]));

		for (i=1;i<certlen;i++) 
		{
			if (SSL_CTX_add_extra_chain_cert(ret->_ssl_ctx,certchain[i])!=1)
			{
				logger.message(logger.LOG_ERROR,"Error loading extra certificate number %u in SSL CTX",i);
				logger.message(logger.LOG_DEBUG,"openssl error - %s\n",ERR_error_string(ERR_get_error(),NULL));
				goto error_cleanup;			
			}	
			logger.message(logger.LOG_DEBUG,"Added extra certificate %i to SSL CTX: %s",i,cert_name(certchain[i]));
		}
	}

	if (privkey) {
		if (SSL_CTX_use_PrivateKey(ret->_ssl_ctx,privkey)!=1)
		{
			logger.message(logger.LOG_ERROR,"Error loading private key in SSL CTX");
			logger.message(logger.LOG_DEBUG,"openssl error - %s\n",ERR_error_string(ERR_get_error(),NULL));
			goto error_cleanup;
		}
	}

	dhkey = openssl_load_diffie_hellman_key_from_file("KEYS/dh1024.pem");
	if (dhkey) {
		if (SSL_CTX_set_tmp_dh(ret->_ssl_ctx,dhkey)!=1)
		{
			logger.message(logger.LOG_ERROR,"Error loading DH key in SSL CTX");
			logger.message(logger.LOG_DEBUG,"openssl error - %s\n",ERR_error_string(ERR_get_error(),NULL));
			goto error_cleanup;
		}
	}

	if ((ret->_ssl = SSL_new(ret->_ssl_ctx))==NULL)
	{
		logger.message(logger.LOG_ERROR,"Error creating SSL structure from SSL CTX");
		logger.message(logger.LOG_DEBUG,"openssl error - %s\n",ERR_error_string(ERR_get_error(),NULL));
		goto error_cleanup;
	}

	if (SSL_set_fd(ret->_ssl,ret->_filedes)!=1)
	{
		logger.message(logger.LOG_ERROR,"Error tying SSL structure to file descriptor '%i'",ret->_filedes);
		logger.message(logger.LOG_DEBUG,"openssl error - %s\n",ERR_error_string(ERR_get_error(),NULL));
		goto error_cleanup;
	}

	if (is_server)
	{

		if ((rcode = SSL_accept(ret->_ssl))<=0)
		{
			logger.message(logger.LOG_ERROR,"Error creating SSL server accept");
			switch (SSL_get_error(ret->_ssl,rcode)) {
				case SSL_ERROR_NONE:
					logger.message(logger.LOG_DEBUG,"No error, this is odd...");
					break;
				case SSL_ERROR_WANT_READ:
					logger.message(logger.LOG_DEBUG,"SSL Error reports SSL_ERROR_WANT_READ");
					break;
				case SSL_ERROR_WANT_WRITE:
					logger.message(logger.LOG_DEBUG,"SSL Error reports SSL_ERROR_WANT_WRITE");
					break;
				case SSL_ERROR_WANT_CONNECT:
					logger.message(logger.LOG_DEBUG,"SSL Error reports SSL_ERROR_WANT_CONNECT");
					break;
				case SSL_ERROR_WANT_ACCEPT:
					logger.message(logger.LOG_DEBUG,"SSL Error reports SSL_ERROR_WANT_ACCEPT");
					break;
				case SSL_ERROR_WANT_X509_LOOKUP:
					logger.message(logger.LOG_DEBUG,"SSL Error reports SSL_ERROR_WANT_X509_LOOKUP");
					break;
				case SSL_ERROR_SYSCALL:
					if (ERR_peek_error()!=0)
					{
						logger.message(logger.LOG_DEBUG,"SSL Error reports SSL_ERROR_SYSCALL: %s",ERR_error_string(ERR_get_error(),NULL));
					}
					else
					{
						if (rcode==0) 
							logger.message(logger.LOG_DEBUG,"SSL Error reports SSL_ERROR_SYSCALL - file close violates SSL protocol");
						else
							logger.message(logger.LOG_DEBUG,"SSL Error reports SSL_ERROR_SYSCALL - %s",strerror(errno));
					}
					break;
				case SSL_ERROR_SSL:
					logger.message(logger.LOG_DEBUG,"SSL Error reports SSL_ERROR_SSL: %s",ERR_error_string(ERR_get_error(),NULL));
					break;
				default:
					logger.message(logger.LOG_DEBUG,"SSL unknwon error");	
			}
			goto error_cleanup;
		}

	}
	else
	{

		if (SSL_connect(ret->_ssl)<=0)
		{
			logger.message(logger.LOG_ERROR,"Error creating SSL client connect");
			logger.message(logger.LOG_DEBUG,"openssl error - %s\n",ERR_error_string(ERR_get_error(),NULL));
			goto error_cleanup;
		}

	}

	return ret;
error_cleanup:

	if (ret->_ssl_ctx)
	{
		SSL_CTX_free(ret->_ssl_ctx);
		ret->_ssl_ctx = NULL;
	}
	delete ret;
	return NULL;
}

bool BufferInOutSSL::read_load()
{
    int ret;

    if (_eof) return false;

    _read_pos = 0;

    ret = SSL_read(_ssl,_read_buf,BUFIO_BUFLEN);

    switch (SSL_get_error(_ssl,ret))
    {
	case SSL_ERROR_NONE:
	    _read_size = (unsigned)ret;
	    return true;
	case SSL_ERROR_ZERO_RETURN:
	    logger.message(logger.LOG_DEBUG,"SSL_ERROR_ZERO_RETURN in io_load() - SSL connection closed cleanly");
	    _eof = true;
	    return false;
	case SSL_ERROR_WANT_READ:
	case SSL_ERROR_WANT_WRITE:
	    return read_load();
	case SSL_ERROR_WANT_CONNECT:
	    logger.message(logger.LOG_DEBUG,"SSL_ERROR_WANT_CONNECT in read_load()");
	    break;
	case SSL_ERROR_WANT_ACCEPT:
	    logger.message(logger.LOG_DEBUG,"SSL_ERROR_WANT_ACCEPT in read_load()");
	    break;
	case SSL_ERROR_WANT_X509_LOOKUP:
	    logger.message(logger.LOG_DEBUG,"SSL_ERROR_WANT_X509_LOOKUP in read_load()");
	    break;
	case SSL_ERROR_SYSCALL:
	    logger.message(logger.LOG_DEBUG,"SSL_ERROR_SYSCALL in read_load()");
	    break;
	case SSL_ERROR_SSL:
	    logger.message(logger.LOG_DEBUG,"SSL_ERROR_SSL in read_load()");
	    break;
	default:
	    logger.message(logger.LOG_DEBUG,"Unknown SSL_ERROR in read_load()");
    }

    logger.message(logger.LOG_ERROR,"openssl error in read_load() - %s",ERR_error_string(ERR_get_error(),NULL));
    _eof = true;
    return false;

}

bool BufferInOutSSL::write_flush()
{
	int ret; 

	if (_eof) return false;
	
	if (_write_size==0) return true;

	ret = SSL_write(_ssl,_write_buf,_write_size);
	
	switch (SSL_get_error(_ssl,ret))
	{
		case SSL_ERROR_NONE:
			_write_size = 0;
			return true;
		case SSL_ERROR_ZERO_RETURN:
			logger.message(logger.LOG_DEBUG,"SSL_ERROR_ZERO_RETURN in write_flush() - SSL connection closed cleanly");
			break;
		case SSL_ERROR_WANT_READ:
		case SSL_ERROR_WANT_WRITE:
			return write_flush();
		case SSL_ERROR_WANT_CONNECT:
			logger.message(logger.LOG_DEBUG,"SSL_ERROR_WANT_CONNECT in write_flush()");
			break;
		case SSL_ERROR_WANT_ACCEPT:
			logger.message(logger.LOG_DEBUG,"SSL_ERROR_WANT_ACCEPT in write_flush()");
			break;
		case SSL_ERROR_WANT_X509_LOOKUP:
			logger.message(logger.LOG_DEBUG,"SSL_ERROR_WANT_X509_LOOKUP in write_flush()");
			break;
		case SSL_ERROR_SYSCALL:
			logger.message(logger.LOG_DEBUG,"SSL_ERROR_SYSCALL in write_flush()");
			break;
		case SSL_ERROR_SSL:
			logger.message(logger.LOG_DEBUG,"SSL_ERROR_SSL in write_flush()");
			break;
		default:
			logger.message(logger.LOG_DEBUG,"Unknown SSL_ERROR in read_load()");
	}

    logger.message(logger.LOG_ERROR,"openssl error in write_flush() - %s",ERR_error_string(ERR_get_error(),NULL));
    _eof = true;
    return false;
}

BufferInOutSSL::~BufferInOutSSL()
{
	if (_ssl) 
	{
		SSL_shutdown(_ssl);
		SSL_free(_ssl);
	}
	if (_ssl_ctx)
		SSL_CTX_free(_ssl_ctx);
}

